*** joevano has quit (Quit: leaving) | 11:57 | |
*** joevano (~joevano@bzflag/developer/JoeVano) has joined #wikid | 12:17 | |
*** joevano has quit (Client Quit) | 12:18 | |
*** joevano (~joevano@bzflag/developer/JoeVano) has joined #wikid | 12:18 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 12:40 | |
coolacid | Hey, nowen any docs on how the new beta version would work for HA/Cluster? | 14:31 |
---|---|---|
nowen | not much, some install docs. what do you want to see? | 14:32 |
coolacid | I think some design docs, and how to configure? (Not that I expect you to have them right now). | 14:33 |
coolacid | Also, any updated transaction/sec tests kicking around? | 14:33 |
nowen | by design - do you mean how to integrate into your network arch? | 14:34 |
coolacid | No, I assume it would be the same as before, just add a failover component (multiple radius servers I assume). | 14:35 |
nowen | correct | 14:35 |
coolacid | So, one "master" multiple slaves? | 14:36 |
coolacid | So you always write to one, and all the others are slaves? | 14:36 |
nowen | no, it is master-master. whichever one is closest gets the tx | 14:36 |
coolacid | What happens if the query starts on one, and fails over to another.. | 14:36 |
coolacid | Ahh, so HA, not cluster. | 14:37 |
coolacid | Ok. | 14:37 |
coolacid | I was more thinking about the new version with global load balancing ;) | 14:37 |
*** nowen has quit (Quit: Leaving.) | 15:29 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 15:35 | |
*** nowen has quit (Ping timeout: 256 seconds) | 16:50 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 16:54 | |
*** nowen has quit (Quit: Leaving.) | 17:52 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 17:53 | |
*** rfxn (~teck7@bas1-montreal54-1279344592.dsl.bell.ca) has joined #wikid | 21:05 | |
rfxn | currently on wikid enterprise version 3.4.87-b1216 | 21:06 |
rfxn | where can i grab the latest RPM's | 21:06 |
nowen | hey | 21:07 |
nowen | welcome back | 21:07 |
rfxn | ty | 21:07 |
rfxn | about time for our yearly renewal over at ASO too | 21:07 |
rfxn | next month i think | 21:07 |
nowen | http://www.wikidsystems.com/downloads | 21:07 |
nowen | I can get you the direct links if you want | 21:08 |
rfxn | please that would be appreciated | 21:08 |
rfxn | also how do I regenerate WiKIDCA.cer | 21:08 |
nowen | the new RPM will have the latest cert from us. just update and create new intermediate CA and localhost cert. | 21:09 |
nowen | are you using any wAuth network clients? | 21:09 |
rfxn | ya | 21:09 |
rfxn | two for our php interface to it | 21:09 |
rfxn | to wikid rather | 21:09 |
rfxn | Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: | 21:09 |
rfxn | error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /home/grovedev/public_html/ayron/libs/classes/wikid/wClient.inc.php on line 364 | 21:09 |
rfxn | but we've been getting cert errors | 21:09 |
nowen | ok - recreate those too | 21:09 |
rfxn | so suspecting the cert expired or something | 21:09 |
nowen | are you using our ISO? | 21:10 |
rfxn | delete / readd basically? | 21:10 |
nowen | yes, after restarting with the new intermediate | 21:10 |
rfxn | we are on an rpm installation on a CentOS box | 21:10 |
nowen | x86 or 64? | 21:10 |
rfxn | yup just recreated intermediate | 21:10 |
rfxn | 64 | 21:10 |
nowen | http://wikidsystems-dl.com/wikid-utilities-3.4.3-1.x86_64.rpm | 21:11 |
nowen | and http://wikidsystems-dl.com/wikid-server-enterprise-3.5.0.b1428-1.noarch.rpm | 21:11 |
rfxn | any notable changes recently? | 21:11 |
rfxn | apart from the new site | 21:12 |
rfxn | which looks great | 21:12 |
nowen | http://www.wikidsystems.com/downloads/changelogs/enterprise-changelog | 21:12 |
nowen | thx | 21:12 |
nowen | lots of little things | 21:12 |
rfxn | the intermediate generation stuff on the wikid site | 21:13 |
nowen | ok - you'll have to create another new cert after this upgrade - there is a new WiKID certificate | 21:13 |
rfxn | still says it's only valid for 30d | 21:13 |
rfxn | last i recall you noted last year to just ignore that | 21:13 |
nowen | yeah, we haven't implemented that yet, actually | 21:13 |
rfxn | noted | 21:13 |
nowen | yes, still haven't ;-) | 21:13 |
rfxn | know how that goes, my todo list is a mile long | 21:13 |
rfxn | Certificate DNs are required to be unique. | 21:17 |
rfxn | If you have previously requested a certificate you may alter the DN slighty and generate a new CSR. | 21:17 |
nowen | yes - or I can delete the old one if you want | 21:18 |
rfxn | delete old one please | 21:18 |
nowen | ok - should be clear | 21:19 |
rfxn | perfect ty | 21:21 |
nowen | np | 21:24 |
rfxn | when i delete a client wauth | 21:26 |
rfxn | is it supposed to leave the old key.pem for it | 21:26 |
rfxn | -rw-r--r-- 1 root root 1055 Apr 21 2012 GroveDev.key.pem | 21:27 |
rfxn | -rw-r--r-- 1 root root 2164 May 20 17:25 GroveDev.p12 | 21:27 |
rfxn | -rw-r--r-- 1 root root 2860 Apr 21 2012 GroveDev.pem | 21:27 |
nowen | it may - but it should overwrite | 21:27 |
nowen | well, y'all exported the pem from our p12 | 21:27 |
rfxn | probably | 21:27 |
rfxn | lol | 21:27 |
rfxn | been a year | 21:27 |
nowen | ;-) | 21:27 |
nowen | after the update you can run 'keytool -list -v -keystore CACertStore' and use changeit as the passphrase. it should show a 2023 expiration | 21:31 |
nowen | are y'all still around 50 users? | 21:31 |
rfxn | -rw-r--r-- 1 root root 2447 Apr 23 22:11 WiKIDCA.cer | 21:33 |
rfxn | is that supposed to still be that old | 21:33 |
nowen | have you done the rpm -U? | 21:34 |
rfxn | ya | 21:34 |
rfxn | and regenerated intermediate ca, installed it and created localhost cert | 21:34 |
nowen | oh - what about CACertStore? | 21:34 |
rfxn | and recreated the two wauth clients | 21:34 |
rfxn | -rw-r--r-- 1 root root 3451 May 20 17:22 CACertStore | 21:34 |
nowen | that's the one | 21:34 |
rfxn | user count as in unique users | 21:35 |
rfxn | or number of registered devices | 21:35 |
nowen | former | 21:37 |
rfxn | 85 | 21:38 |
rfxn | but we're about to audit that | 21:38 |
rfxn | should be 71 | 21:38 |
nowen | though, I'm curious if your users have more than one token | 21:38 |
rfxn | as we only have 71 on board staff at the moment | 21:38 |
rfxn | so that's where it should be | 21:38 |
rfxn | ya most of our users have multiple tokens | 21:38 |
rfxn | 2 is the average | 21:38 |
rfxn | a number have 3 | 21:38 |
nowen | cool | 21:38 |
rfxn | 2.7 is the average | 21:38 |
rfxn | Licenses In Use: 85 | 21:38 |
rfxn | Current Statistics: | 21:38 |
rfxn | Registered Devices: 198 | 21:38 |
rfxn | Unregistered Devices: 1 | 21:38 |
rfxn | Served Domains: 1 | 21:38 |
rfxn | Network Clients: 4 | 21:38 |
rfxn | Protocols Enabled: 2 | 21:38 |
nowen | another question, while I got you. Would you be interested in WiKID being able to re-set your AD/LDAP passwords? What do you do for password resets now? | 21:39 |
rfxn | we don't use LDAP | 21:41 |
nowen | what do you use? | 21:43 |
rfxn | Radius | 21:43 |
rfxn | we use wikid as part of our openvpn auth system | 21:43 |
rfxn | so there is only the temporary wikid token | 21:44 |
rfxn | and that's it | 21:44 |
nowen | But do you have an AD/LDAP dir for your local users? | 21:44 |
rfxn | we do not | 21:44 |
rfxn | we have local users managed within our intranet system which are in MySQL as part of our larger intranet portal | 21:45 |
nowen | ahh | 21:45 |
rfxn | and we manage wikid token codes per user from within that | 21:45 |
rfxn | *device codes | 21:45 |
nowen | ok - well, you're not the target market | 21:45 |
nowen | and if you wanted to automate user password changes to your intranet, you could do that yourself, I'm sure | 21:46 |
rfxn | indeed | 21:46 |
nowen | we're looking at offering something that would push an OTP to AD/LDAP as the new password, flagged to reset. No more helpdesk calls | 21:48 |
rfxn | CA Public key NOT OK! Public key NOT OK! Private key NOT OK! | 21:51 |
rfxn | Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: | 21:51 |
rfxn | thoughts on tips to debug that | 21:51 |
rfxn | Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: | 21:51 |
rfxn | error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate in /home/grovedev/public_html/libs/classes/wikid/wClient.inc.php on line 364 | 21:51 |
nowen | you restarted after adding the new cert? | 21:51 |
rfxn | the new intermediate yes | 21:51 |
rfxn | the new wauth clients no | 21:51 |
rfxn | let me restart for good measure | 21:52 |
nowen | ok - that's it | 21:52 |
nowen | create new wauth certs after restarting wikid | 21:52 |
nowen | then you'll have to convert the p12 to keys and a pem for php | 21:53 |
nowen | I gotta go - I have a board meeting | 21:55 |
nowen | do you want my email just in case? | 21:55 |
rfxn | appreciate it, yes please | 21:57 |
nowen | nowen at wikidsystems.com | 21:57 |
rfxn | perfect, thanks | 21:57 |
nowen | ok - later | 21:58 |
*** nowen has quit (Quit: Leaving.) | 21:58 |